From 818ce46d9780c7a04ac04a3f116021f1edadd476 Mon Sep 17 00:00:00 2001 From: "bbaetz%student.usyd.edu.au" <> Date: Sat, 26 Oct 2002 08:56:55 +0000 Subject: Bug 147833 - start using CGI.pm r=gerv, justdave --- attachment.cgi | 65 +++++++++++++++++++++++++++++++++------------------------- 1 file changed, 37 insertions(+), 28 deletions(-) (limited to 'attachment.cgi') diff --git a/attachment.cgi b/attachment.cgi index b185312c6..6e9379af1 100755 --- a/attachment.cgi +++ b/attachment.cgi @@ -33,16 +33,11 @@ use strict; use lib qw(.); use vars qw( + $cgi $template $vars ); -# Win32 specific hack to avoid a hang when creating/showing an attachment -if ($^O eq 'MSWin32') { - binmode(STDIN); - binmode(STDOUT); -} - # Include the Bugzilla CGI and general utility library. require "CGI.pl"; @@ -89,12 +84,12 @@ elsif ($action eq "insert") ValidateBugID($::FORM{'bugid'}); ValidateComment($::FORM{'comment'}); validateFilename(); - validateData(); - validateDescription(); validateIsPatch(); + my $data = validateData(); + validateDescription(); validateContentType() unless $::FORM{'ispatch'}; validateObsolete() if $::FORM{'obsolete'}; - insert(); + insert($data); } elsif ($action eq "edit") { @@ -198,13 +193,14 @@ sub validateContentType } elsif ($::FORM{'contenttypemethod'} eq 'autodetect') { + my $contenttype = $cgi->uploadInfo($cgi->param('data'))->{'Content-Type'}; # The user asked us to auto-detect the content type, so use the type # specified in the HTTP request headers. - if ( !$::FILE{'data'}->{'contenttype'} ) + if ( !$contenttype ) { ThrowUserError("missing_content_type"); } - $::FORM{'contenttype'} = $::FILE{'data'}->{'contenttype'}; + $::FORM{'contenttype'} = $contenttype; } elsif ($::FORM{'contenttypemethod'} eq 'list') { @@ -247,29 +243,40 @@ sub validatePrivate sub validateData { - $::FORM{'data'} - || ThrowUserError("zero_length_file"); + my $maxsize = $::FORM{'ispatch'} ? Param('maxpatchsize') : Param('maxattachmentsize'); + $maxsize *= 1024; # Convert from K - my $len = length($::FORM{'data'}); + my $fh = $cgi->upload('data'); + my $data; - my $maxpatchsize = Param('maxpatchsize'); - my $maxattachmentsize = Param('maxattachmentsize'); - - # Makes sure the attachment does not exceed either the "maxpatchsize" or - # the "maxattachmentsize" parameter. - if ( $::FORM{'ispatch'} && $maxpatchsize && $len > $maxpatchsize*1024 ) + # We could get away with reading only as much as required, except that then + # we wouldn't have a size to print to the error handler below. { - $vars->{'filesize'} = sprintf("%.0f", $len/1024); - ThrowUserError("patch_too_large"); - } elsif ( !$::FORM{'ispatch'} && $maxattachmentsize && $len > $maxattachmentsize*1024 ) { - $vars->{'filesize'} = sprintf("%.0f", $len/1024); - ThrowUserError("file_too_large"); + # enable 'slurp' mode + local $/; + $data = <$fh>; } + + $data + || ThrowUserError("zero_length_file"); + + # Make sure the attachment does not exceed the maximum permitted size + my $len = length($data); + if ($maxsize && $len > $maxsize) { + $vars->{'filesize'} = sprintf("%.0f", $len/1024); + if ( $::FORM{'ispatch'} ) { + ThrowUserError("patch_too_large"); + } else { + ThrowUserError("file_too_large"); + } + } + + return $data; } sub validateFilename { - defined $::FILE{'data'} + defined $cgi->upload('data') || ThrowUserError("file_not_specified"); } @@ -428,13 +435,15 @@ sub enter sub insert { + my ($data) = @_; + # Insert a new attachment into the database. # Escape characters in strings that will be used in SQL statements. - my $filename = SqlQuote($::FILE{'data'}->{'filename'}); + my $filename = SqlQuote($cgi->param('data')); my $description = SqlQuote($::FORM{'description'}); my $contenttype = SqlQuote($::FORM{'contenttype'}); - my $thedata = SqlQuote($::FORM{'data'}); + my $thedata = SqlQuote($data); my $isprivate = $::FORM{'isprivate'} ? 1 : 0; # Insert the attachment into the database. -- cgit v1.2.3-24-g4f1b